[Intel-gfx] [PATCH v15 0/6] Fixes integer overflow or integer truncation issues in page lookups, ttm place configuration and scatterlist creation

Rodrigo Vivi rodrigo.vivi at intel.com
Wed Dec 28 17:13:08 UTC 2022


On Wed, Dec 28, 2022 at 04:25:27PM +0200, Gwan-gyeong Mun wrote:
> This patch series fixes integer overflow or integer truncation issues in
> page lookups, ttm place configuration and scatterlist creation, etc.
> We need to check that we avoid integer overflows when looking up a page,
> and so fix all the instances where we have mistakenly used a plain integer
> instead of a more suitable long.
> And there is an impedance mismatch between the scatterlist API using
> unsigned int and our memory/page accounting in unsigned long. That is, we
> may try to create a scatterlist for a large object that overflows returning
> a small table into which we try to fit very many pages. As the object size
> is under the control of userspace, we have to be prudent and catch the
> conversion errors. To catch the implicit truncation as we switch from
> unsigned long into the scatterlist's unsigned int, we use the improved
> overflows_type check and report E2BIG prior to the operation. This is
> already used in our create ioctls to indicate if the uABI request is simply
> too large for the backing store. 
> And ttm place also has the same problem with scatterlist creation,
> and we fix the integer truncation problem with the way approached by
> scatterlist creation.
> And it corrects the error code to return -E2BIG when creating gem objects
> using ttm or shmem, if the size is too large in each case.
> 
> Linux 6.2 rc1 merged into drm-tip. I resend the same patch series as the
> previous version, except for one patch[1] included in Linux 6.2 rc1 from
> the previous v15 patch series.

v6.2-rc1 is on drm-tip through drm-intel-fixes and topic/core-for-CI.
But if this series depends on a patch in v6.2-rc1, we need to wait for
drm-next to backmerge it, then we backmerge drm-next into drm-intel-next
and drm-intel-gt-next. Only then can we merge this series.

> 
> There is no difference in the code from the previous version [2] that was
> updated to v15 version. And it has already been confirmed by the CI results
> of v15 that there is no regression caused by this patch series.
> 
> [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4b21d25bf519c9487935a664886956bb18f04f6d
> [2] https://patchwork.freedesktop.org/series/111963/
> 
> Chris Wilson (3):
>   drm/i915/gem: Typecheck page lookups
>   drm/i915: Check for integer truncation on scatterlist creation
>   drm/i915: Remove truncation warning for large objects
> 
> Gwan-gyeong Mun (3):
>   drm/i915: Check for integer truncation on the configuration of ttm
>     place
>   drm/i915: Check if the size is too big while creating shmem file
>   drm/i915: Use error code as -E2BIG when the size of gem ttm object is
>     too large
> 
>  drivers/gpu/drm/i915/gem/i915_gem_internal.c  |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.c    |   7 +-
>  drivers/gpu/drm/i915/gem/i915_gem_object.h    | 303 +++++++++++++++---
>  drivers/gpu/drm/i915/gem/i915_gem_pages.c     |  27 +-
>  drivers/gpu/drm/i915/gem/i915_gem_phys.c      |   4 +
>  drivers/gpu/drm/i915/gem/i915_gem_shmem.c     |  23 +-
>  drivers/gpu/drm/i915/gem/i915_gem_ttm.c       |  20 +-
>  drivers/gpu/drm/i915/gem/i915_gem_userptr.c   |   6 +-
>  .../drm/i915/gem/selftests/huge_gem_object.c  |   6 +-
>  .../gpu/drm/i915/gem/selftests/huge_pages.c   |   8 +
>  .../drm/i915/gem/selftests/i915_gem_context.c |  12 +-
>  .../drm/i915/gem/selftests/i915_gem_mman.c    |   8 +-
>  .../drm/i915/gem/selftests/i915_gem_object.c  |   8 +-
>  drivers/gpu/drm/i915/gvt/dmabuf.c             |  10 +-
>  drivers/gpu/drm/i915/i915_gem.c               |  18 +-
>  drivers/gpu/drm/i915/i915_scatterlist.c       |   9 +
>  drivers/gpu/drm/i915/i915_vma.c               |   8 +-
>  drivers/gpu/drm/i915/intel_region_ttm.c       |  14 +
>  drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |   4 +
>  drivers/gpu/drm/i915/selftests/scatterlist.c  |   4 +
>  20 files changed, 420 insertions(+), 86 deletions(-)
> 
> -- 
> 2.37.1
> 
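
The truncation described in the cover letter, as an added userspace example that is not part of the original message or of the i915 patches: a 64-bit page count is converted to the 32-bit count a scatterlist-style table uses, once unchecked and once with a fit check that returns -E2BIG first. The function names, `MODEL_PAGE_SHIFT` and the sample sizes are assumptions made for illustration, and the compiler builtin stands in for the kernel's `overflows_type` check.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Unchecked conversion: the 64-bit page count is silently cut to 32 bits,
 * so a table sized from it is far smaller than the object it describes. */
static uint32_t nents_unchecked(uint64_t obj_size)
{
    return (uint32_t)(obj_size >> MODEL_PAGE_SHIFT);
}

/* Checked conversion: refuse with -E2BIG before anything is sized from the
 * count. __builtin_add_overflow (GCC/Clang) returns true when the exact
 * result does not fit the destination type. *nents is written on success only. */
static int nents_checked(uint64_t obj_size, uint32_t *nents)
{
    uint64_t npages = obj_size >> MODEL_PAGE_SHIFT;
    uint32_t n;

    if (__builtin_add_overflow(npages, 0, &n))
        return -E2BIG;
    *nents = n;
    return 0;
}

int main(void)
{
    /* Constructed sizes: 8 MiB, and 2^44 bytes plus three pages. */
    const uint64_t sizes[] = { 8ULL << 20, (1ULL << 44) + (3ULL << MODEL_PAGE_SHIFT) };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        uint32_t n = 0;
        int err = nents_checked(sizes[i], &n);

        printf("size=%llu unchecked=%u checked=%d nents=%u\n",
               (unsigned long long)sizes[i], nents_unchecked(sizes[i]), err, n);
    }
    return 0;
}
```

For the second size the unchecked path reports 3 entries for an object of 2^32 + 3 pages, which is the small-table case the series rejects with -E2BIG.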

